May 27, 2024 at 10:50AM
Sav-Rx, a prescription management company, has alerted 2.8 million individuals in the U.S. of a data breach in 2023. Hackers accessed personal data including names, birthdates, Social Security numbers, and more. Despite minimal impact on operations, the company took eight months to investigate and notify affected parties, implementing new security measures and offering credit monitoring.
Summary of Meeting Notes:
– Sav-Rx, a prescription management company in the U.S., experienced a data breach in October 2023, impacting over 2.8 million individuals.
– The breach resulted in unauthorized access to non-clinical systems, compromising personal information such as full names, dates of birth, Social Security Numbers, email addresses, physical addresses, phone numbers, eligibility data, and insurance identification numbers.
– Sav-Rx discovered the breach on October 8, 2023, and restored their IT systems promptly, ensuring minimal impact on business operations and no delays in prescription shipments or pharmacy claims.
– The investigation, conducted with the assistance of third-party experts, took almost eight months to complete and revealed that the hackers first accessed customer data on October 3, 2023.
– Due to the focus on minimizing patient care interruption, notices of breach were delayed, with health plan customers being notified earlier between April 30 and May 2, 2024. Sav-Rx struggled to obtain contact information for some affected individuals, urging them to confirm by calling a provided number.
– The company has implemented various new security measures in response to the incident, including setting up a 24/7 security operations center, implementing multi-factor authentication, network segmentation, enhanced geo-blocking, upgraded firewalls and switches, strengthened Linux security, and BitLocker encryption.
– Sav-Rx is offering impacted individuals instructions on enrolling in a two-year credit monitoring and identity theft protection service, as well as advising them to monitor their credit reports for fraudulent activity.
Please let me know if you need any further information or details from the meeting notes.